Skill v1.0.0

ClawScan security

cloud-game · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 29, 2026, 5:02 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior mostly matches a cloud-game search/launch feature, but the runtime instructions require reading/writing a hard-coded local cache path (d:\skill\tianyi-cloud-game\.cache\api_cache.json) even though no config paths or file access are declared — this mismatch and filesystem persistence are unexpected and worth caution.
Guidance
This skill appears to do what it claims (search and open games on play.cn) but its runtime instructs the agent to read/write a hard-coded cache at d:\skill\tianyi-cloud-game\.cache\api_cache.json and to run PowerShell snippets — behavior not declared in the metadata. Before installing, consider: 1) Are you comfortable the agent will create and store API responses and your normalized queries on disk? Those cached entries may contain user inputs. 2) The path is Windows-specific and non-configurable in the SKILL.md; on non-Windows systems it may fail or behave unexpectedly. 3) If you need to proceed, prefer a version that lets you configure the cache directory (or disables caching) and that documents what is stored. If you cannot verify that, run the skill in a contained environment (sandbox/VM) or ask the author to remove hard-coded paths and declare file-access requirements.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (search, recommend, open games on h5.play.cn) aligns with the use of play.cn APIs shown in SKILL.md. However, the SKILL.md mandates a local cache file at a specific Windows path (d:\skill\tianyi-cloud-game\.cache\api_cache.json) and file-IO behavior that were not declared in the skill metadata (Required config paths: none). That is an incoherence: a skill that does file persistence should declare/configure that requirement or allow a configurable path.
Instruction Scope
concern: The instructions contain precise runtime behavior including: normalizing user keywords, performing a cache gate before any API call, creating/reading/writing a cache JSON file, and example PowerShell code that posts to https://api.play.cn/.... These are implementation-level instructions that will cause the agent to perform filesystem writes and network calls. The instructions also hard-code Windows-specific paths and propose creating directories under d:\, which may be inappropriate or fail on non-Windows hosts.
Install Mechanism
ok: There is no install spec and no code files to install; this is instruction-only. That reduces supply-chain risk because nothing new is written by an installer, though the skill's runtime will still perform file I/O and network calls as directed.
Credentials
note: The skill requests no environment variables or credentials, which is proportionate for public API calls. However, it will persist API responses and normalized user queries to a local cache file; cached data may include user-provided keywords and API responses and thus could contain sensitive info. The metadata does not disclose this filesystem access or allow configuring the cache location, which is a transparency gap.
Persistence & Privilege
note: The skill does not request 'always:true' and can be invoked by user only; good. But it explicitly writes persistent cache files to disk (creating folders under d:\skill\...). This is a moderate privilege: it alters the host filesystem and retains user queries/API responses between runs. The hard-coded path is Windows-specific and may cause unexpected behavior on other hosts.